Application whitelisting – an underutilized component of Zero Trust

From Colonial Pipeline, to JBS (the world’s largest meatpacker), to the recent hack on software company Kaseya, high-profile ransomware attacks are on the rise, with little sign of letting up. These crippling attacks lock access to systems and data and leave victims scrambling to recover and, in some cases, paying the hacker’s ransom with the hope of regaining access to business-critical files and systems.

In IDG’s new Global Intelligence Report on Cybersecurity, 62% of respondents expect a financially driven attack such as ransomware to hit their organization in the next 12 months. More than one-third (37%) say these types of attacks are potentially catastrophic to their organizations.

In response, more organizations are adapting a zero-trust security model, which, as the name implies, takes a strict approach to access control to limit unwanted and unauthorized access to data, systems, and platforms.

But the IDG study finds that a key component of a zero-trust framework remains underutilized: application whitelisting (AWL). Just 32% of respondents have deployed AWL as part of their endpoint protection solutions.

Safe, tested, and approved

AWL is a cybersecurity strategy that only allows tested, safe, and approved applications to run on a device, computer, or network. AWL is an alternative to blacklisting, which compiles a list of known malicious files and prevents them from running.

With AWL, rather than trying to keep up with an endless and constantly changing stream of malicious code within the malware landscape (a virtually impossible task), organizations instead compile a list of approved applications for an endpoint device to access. Applications from that list are all that the device is allowed to run. Real-time whitelisting blocks malicious outside software like ransomware from unauthorized access to your organization’s network and devices.

Although AWL is consistently regarded as “best practice” by the NIST, CISA, FBI, and other security groups, many organizations have been reluctant to deploy it, in part because of the perception that AWL is too resource-intensive to deploy and manage.

Newer solutions, however, make AWL deployment and management more practical, because organizations no longer need to build their own whitelists from scratch. As an example, PC Matic offers a Global Whitelist of known “good” applications that serves as a baseline at deployment. In-house IT teams can then add any proprietary applications to that list.

Foundational to zero trust

IT and security teams should consider AWL as foundational to any zero-trust security strategy. Zero trust is based on the philosophy that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. It also relies on the principle of least privilege (PLP), which advises restricting access to information, systems, and services, and grants permission to privileged systems and data only to individuals that require access for their jobs.

AWL is the essence of zero trust in action. It puts control into the hands of IT and security teams by allowing only “known” or “trusted” applications to run in an environment. For this reason, application whitelisting is one of the best defenses a business can put in place to defend against the plague of ransomware.

Learn how organizations of all sizes are preventing ransomware with the only automated global whitelist for zero-trust cybersecurity.

Read about IDG’s Global Intelligence Report on Cybersecurity.